From 574b53059c48fc68802ec7a65dcace32d279e032 Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 1 Sep 2025 00:48:46 +0000 Subject: [PATCH] chore: update SBOM for Python 3.11 --- sbom/cve-bin-tool-py3.11.json | 241 ++++++++++++++++++---------- sbom/cve-bin-tool-py3.11.spdx | 290 ++++++++++++++++++---------------- 2 files changed, 311 insertions(+), 220 deletions(-) diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index 963bf4b5f8..66e9c668e6 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:568fe5b9-c817-4c18-acd3-376b87232894", + "serialNumber": "urn:uuid:d90eff78-16be-44f7-8e29-8cb709dfe21f", "version": 1, "metadata": { - "timestamp": "2025-08-25T00:45:26Z", + "timestamp": "2025-09-01T00:48:45Z", "lifecycles": [ { "phase": "build" @@ -388,7 +388,7 @@ "type": "library", "bom-ref": "6-typing-extensions", "name": "typing-extensions", - "version": "4.14.1", + "version": "4.15.0", "supplier": { "name": "Guido van Jukka ukasz Michael", "contact": [ @@ -397,12 +397,12 @@ } ] }, - "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.14.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.15.0:*:*:*:*:*:*:*", "description": "Backported and Experimental Type Hints for Python 3.9+", "hashes": [ { "alg": "SHA-256", - "content": "d1e1e3b58374dc93031d6eda2420a48ea44a36c2b4766a4fdeb3710755731d76" + "content": "f0fa19c6845758ab08074a0cfa8b7aecb71c999ca73d62883bc25cc018c4e548" } ], "externalReferences": [ @@ -412,7 +412,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/typing-extensions/4.14.1/#files", + "url": "https://pypi.org/project/typing-extensions/4.15.0/#files", "type": "distribution", "comment": "Download location for component" }, @@ -437,11 +437,11 @@ "type": "vcs" } ], - "purl": "pkg:pypi/typing-extensions@4.14.1", + "purl": "pkg:pypi/typing-extensions@4.15.0", "properties": [ { "name": "release_date", - "value": "2025-07-04T13:28:32Z" + "value": "2025-08-25T13:49:24Z" }, { "name": "language", @@ -942,7 +942,7 @@ "type": "library", "bom-ref": "13-soupsieve", "name": "soupsieve", - "version": "2.7", + "version": "2.8", "supplier": { "name": "Isaac Muse", "contact": [ @@ -951,12 +951,12 @@ } ] }, - "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.7:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.8:*:*:*:*:*:*:*", "description": "A modern CSS selector implementation for Beautiful Soup.", "hashes": [ { "alg": "SHA-256", - "content": "6e60cc5c1ffaf1cebcc12e8188320b72071e922c2e897f737cadce79ad5d30c4" + "content": "0cc76456a30e20f5d7f2e14a98a4ae2ee4e5abdc7c5ea0aafe795f344bc7984c" } ], "licenses": [ @@ -975,16 +975,16 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/soupsieve/2.7/#files", + "url": "https://pypi.org/project/soupsieve/2.8/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/soupsieve@2.7", + "purl": "pkg:pypi/soupsieve@2.8", "properties": [ { "name": "release_date", - "value": "2025-04-20T18:50:07Z" + "value": "2025-08-27T15:39:50Z" }, { "name": "language", @@ -3183,7 +3183,7 @@ "type": "library", "bom-ref": "48-rpds-py", "name": "rpds-py", - "version": "0.27.0", + "version": "0.27.1", "supplier": { "name": "Julian Berman", "contact": [ @@ -3192,12 +3192,12 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.27.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.27.1:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", "hashes": [ { "alg": "SHA-256", - "content": "130c1ffa5039a333f5926b09e346ab335f0d4ec393b030a18549a7c7e7c2cea4" + "content": "68afeec26d42ab3b47e541b272166a0b4400313946871cba3ed3a4fc0cab1cef" } ], "externalReferences": [ @@ -3207,7 +3207,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.27.0/#files", + "url": "https://pypi.org/project/rpds-py/0.27.1/#files", "type": "distribution", "comment": "Download location for component" }, @@ -3236,11 +3236,11 @@ "type": "other" } ], - "purl": "pkg:pypi/rpds-py@0.27.0", + "purl": "pkg:pypi/rpds-py@0.27.1", "properties": [ { "name": "release_date", - "value": "2025-08-07T08:23:06Z" + "value": "2025-08-27T12:12:25Z" }, { "name": "language", @@ -3256,7 +3256,7 @@ "type": "library", "bom-ref": "49-lib4sbom", "name": "lib4sbom", - "version": "0.8.7", + "version": "0.8.8", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -3265,12 +3265,12 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.7:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.8:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", "hashes": [ { "alg": "SHA-256", - "content": "a8bfaff60ede5dad035cc01b82b8d1abd59be5c78af5158ba5ea4cc75b971b94" + "content": "c8622549fddd568ac473e085be8d08d8eeb3338bd813612f50da189645cdaccf" } ], "licenses": [ @@ -3289,16 +3289,16 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/lib4sbom/0.8.7/#files", + "url": "https://pypi.org/project/lib4sbom/0.8.8/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.8.7", + "purl": "pkg:pypi/lib4sbom@0.8.8", "properties": [ { "name": "release_date", - "value": "2025-07-10T16:55:09Z" + "value": "2025-08-29T17:06:49Z" }, { "name": "language", @@ -3452,7 +3452,69 @@ }, { "type": "library", - "bom-ref": "52-xmlschema", + "bom-ref": "52-fastjsonschema", + "name": "fastjsonschema", + "version": "2.21.2", + "supplier": { + "name": "Michal Horejsek", + "contact": [ + { + "email": "fastjsonschema@horejsek.com" + } + ] + }, + "cpe": "cpe:2.3:a:michal_horejsek:fastjsonschema:2.21.2:*:*:*:*:*:*:*", + "description": "Fastest Python implementation of JSON schema", + "hashes": [ + { + "alg": "SHA-256", + "content": "1c797122d0a86c5cace2e54bf4e819c36223b552017172f32c5c024a6b77e463" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/horejsek/python-fastjsonschema", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/fastjsonschema/2.21.2/#files", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/fastjsonschema@2.21.2", + "properties": [ + { + "name": "release_date", + "value": "2025-08-14T18:49:34Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.11.13" + }, + { + "name": "License Comments", + "value": "fastjsonschema declares BSD which is not currently a valid SPDX License identifier or expression." + } + ] + }, + { + "type": "library", + "bom-ref": "53-xmlschema", "name": "xmlschema", "version": "4.1.0", "supplier": { @@ -3501,7 +3563,7 @@ }, { "type": "library", - "bom-ref": "53-elementpath", + "bom-ref": "54-elementpath", "name": "elementpath", "version": "5.0.4", "supplier": { @@ -3550,7 +3612,7 @@ }, { "type": "library", - "bom-ref": "54-lib4vex", + "bom-ref": "55-lib4vex", "name": "lib4vex", "version": "0.2.0", "supplier": { @@ -3608,7 +3670,7 @@ }, { "type": "library", - "bom-ref": "55-csaf-tool", + "bom-ref": "56-csaf-tool", "name": "csaf-tool", "version": "0.3.2", "supplier": { @@ -3666,7 +3728,7 @@ }, { "type": "library", - "bom-ref": "56-packageurl-python", + "bom-ref": "57-packageurl-python", "name": "packageurl-python", "version": "0.17.5", "supplier": { @@ -3719,7 +3781,7 @@ }, { "type": "library", - "bom-ref": "57-rich", + "bom-ref": "58-rich", "name": "rich", "version": "14.1.0", "supplier": { @@ -3781,7 +3843,7 @@ }, { "type": "library", - "bom-ref": "58-markdown-it-py", + "bom-ref": "59-markdown-it-py", "name": "markdown-it-py", "version": "4.0.0", "supplier": { @@ -3847,7 +3909,7 @@ }, { "type": "library", - "bom-ref": "59-mdurl", + "bom-ref": "60-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -3909,7 +3971,7 @@ }, { "type": "library", - "bom-ref": "60-pygments", + "bom-ref": "61-pygments", "name": "pygments", "version": "2.19.2", "supplier": { @@ -3983,7 +4045,7 @@ }, { "type": "library", - "bom-ref": "61-packaging", + "bom-ref": "62-packaging", "name": "packaging", "version": "25.0", "supplier": { @@ -4045,7 +4107,7 @@ }, { "type": "library", - "bom-ref": "62-plotly", + "bom-ref": "63-plotly", "name": "plotly", "version": "6.3.0", "supplier": { @@ -4110,9 +4172,9 @@ }, { "type": "library", - "bom-ref": "63-narwhals", + "bom-ref": "64-narwhals", "name": "narwhals", - "version": "2.1.2", + "version": "2.2.0", "supplier": { "name": "Marco Gorelli", "contact": [ @@ -4121,8 +4183,14 @@ } ] }, - "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.1.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:marco_gorelli:narwhals:2.2.0:*:*:*:*:*:*:*", "description": "Extremely lightweight compatibility layer between dataframe libraries", + "hashes": [ + { + "alg": "SHA-256", + "content": "2b5e3d61a486fa4328c286b0c8018b3e781a964947ff725d66ba12f6d5ca3d2a" + } + ], "licenses": [ { "license": { @@ -4139,7 +4207,7 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/narwhals/2.1.2/#files", + "url": "https://pypi.org/project/narwhals/2.2.0/#files", "type": "distribution", "comment": "Download location for component" }, @@ -4156,11 +4224,11 @@ "type": "issue-tracker" } ], - "purl": "pkg:pypi/narwhals@2.1.2", + "purl": "pkg:pypi/narwhals@2.2.0", "properties": [ { "name": "release_date", - "value": "2025-08-12T20:22:09Z" + "value": "2025-08-25T07:51:56Z" }, { "name": "language", @@ -4178,7 +4246,7 @@ }, { "type": "library", - "bom-ref": "64-python-gnupg", + "bom-ref": "65-python-gnupg", "name": "python-gnupg", "version": "0.5.5", "supplier": { @@ -4252,7 +4320,7 @@ }, { "type": "library", - "bom-ref": "65-requests", + "bom-ref": "66-requests", "name": "requests", "version": "2.32.5", "supplier": { @@ -4318,7 +4386,7 @@ }, { "type": "library", - "bom-ref": "66-charset-normalizer", + "bom-ref": "67-charset-normalizer", "name": "charset-normalizer", "version": "3.4.3", "supplier": { @@ -4387,7 +4455,7 @@ }, { "type": "library", - "bom-ref": "67-urllib3", + "bom-ref": "68-urllib3", "name": "urllib3", "version": "2.5.0", "supplier": { @@ -4447,7 +4515,7 @@ }, { "type": "library", - "bom-ref": "68-certifi", + "bom-ref": "69-certifi", "name": "certifi", "version": "2025.8.3", "supplier": { @@ -4509,7 +4577,7 @@ }, { "type": "library", - "bom-ref": "69-rpmfile", + "bom-ref": "70-rpmfile", "name": "rpmfile", "version": "2.1.0", "supplier": { @@ -4567,7 +4635,7 @@ }, { "type": "library", - "bom-ref": "70-setuptools", + "bom-ref": "71-setuptools", "name": "setuptools", "version": "80.9.0", "supplier": { @@ -4623,7 +4691,7 @@ }, { "type": "library", - "bom-ref": "71-zipp", + "bom-ref": "72-zipp", "name": "zipp", "version": "3.23.0", "supplier": { @@ -4671,7 +4739,7 @@ }, { "type": "library", - "bom-ref": "72-zstandard", + "bom-ref": "73-zstandard", "name": "zstandard", "version": "0.24.0", "supplier": { @@ -4756,20 +4824,20 @@ "43-jinja2", "45-jsonschema", "49-lib4sbom", - "54-lib4vex", - "56-packageurl-python", - "61-packaging", - "62-plotly", - "64-python-gnupg", + "55-lib4vex", + "57-packageurl-python", + "62-packaging", + "63-plotly", + "65-python-gnupg", "50-pyyaml", - "65-requests", - "57-rich", - "69-rpmfile", - "70-setuptools", - "67-urllib3", - "52-xmlschema", - "71-zipp", - "72-zstandard" + "66-requests", + "58-rich", + "70-rpmfile", + "71-setuptools", + "68-urllib3", + "53-xmlschema", + "72-zipp", + "73-zstandard" ] }, { @@ -4962,58 +5030,59 @@ "50-pyyaml", "51-semantic-version", "15-defusedxml", + "52-fastjsonschema", "45-jsonschema", - "52-xmlschema" + "53-xmlschema" ] }, { - "ref": "52-xmlschema", + "ref": "53-xmlschema", "dependsOn": [ - "53-elementpath" + "54-elementpath" ] }, { - "ref": "54-lib4vex", + "ref": "55-lib4vex", "dependsOn": [ "49-lib4sbom", - "55-csaf-tool", - "56-packageurl-python" + "56-csaf-tool", + "57-packageurl-python" ] }, { - "ref": "55-csaf-tool", + "ref": "56-csaf-tool", "dependsOn": [ - "56-packageurl-python", - "57-rich" + "57-packageurl-python", + "58-rich" ] }, { - "ref": "57-rich", + "ref": "58-rich", "dependsOn": [ - "58-markdown-it-py", - "60-pygments" + "59-markdown-it-py", + "61-pygments" ] }, { - "ref": "58-markdown-it-py", + "ref": "59-markdown-it-py", "dependsOn": [ - "59-mdurl" + "60-mdurl" ] }, { - "ref": "62-plotly", + "ref": "63-plotly", "dependsOn": [ - "63-narwhals", - "61-packaging" + "64-narwhals", + "62-packaging" ] }, { - "ref": "65-requests", + "ref": "66-requests", "dependsOn": [ - "66-charset-normalizer", + "67-charset-normalizer", "11-idna", - "67-urllib3", - "68-certifi" + "68-urllib3", + "69-certifi" ] } ] diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index c46cec142b..6bcc6df76f 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3dbef033-c277-49cc-ad39-52824d6daa6c +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-33bddcb8-5082-4028-a9a1-abc50bb190dd LicenseListVersion: 3.26 Creator: Tool: sbom4python-0.12.4 -Created: 2025-08-25T00:45:01Z +Created: 2025-09-01T00:48:27Z CreatorComment: SBOM Type: Build - This document has been automatically generated. ##### @@ -123,25 +123,25 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.7.0 PackageName: typing-extensions SPDXID: SPDXRef-6-typing-extensions -PackageVersion: 4.14.1 +PackageVersion: 4.15.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) -PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.14.1/#files +PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.15.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/python/typing_extensions -PackageChecksum: SHA256: d1e1e3b58374dc93031d6eda2420a48ea44a36c2b4766a4fdeb3710755731d76 +PackageChecksum: SHA256: f0fa19c6845758ab08074a0cfa8b7aecb71c999ca73d62883bc25cc018c4e548 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backported and Experimental Type Hints for Python 3.9+ -ReleaseDate: 2025-07-04T13:28:32Z +ReleaseDate: 2025-08-25T13:49:24Z ExternalRef: OTHER issue-tracker https://github.com/python/typing_extensions/issues ExternalRef: OTHER log https://github.com/python/typing_extensions/blob/main/CHANGELOG.md ExternalRef: OTHER documentation https://typing-extensions.readthedocs.io/ ExternalRef: OTHER other https://github.com/python/typing/discussions ExternalRef: OTHER vcs https://github.com/python/typing_extensions -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/typing-extensions@4.14.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.14.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/typing-extensions@4.15.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.15.0:*:*:*:*:*:*:* ##### PackageName: attrs @@ -291,21 +291,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.13 PackageName: soupsieve SPDXID: SPDXRef-13-soupsieve -PackageVersion: 2.7 +PackageVersion: 2.8 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) -PackageDownloadLocation: https://pypi.org/project/soupsieve/2.7/#files +PackageDownloadLocation: https://pypi.org/project/soupsieve/2.8/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve -PackageChecksum: SHA256: 6e60cc5c1ffaf1cebcc12e8188320b72071e922c2e897f737cadce79ad5d30c4 +PackageChecksum: SHA256: 0cc76456a30e20f5d7f2e14a98a4ae2ee4e5abdc7c5ea0aafe795f344bc7984c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: MIT PackageLicenseComments: soupsieve declares MIT License which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A modern CSS selector implementation for Beautiful Soup. -ReleaseDate: 2025-04-20T18:50:07Z -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.7 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.7:*:*:*:*:*:*:* +ReleaseDate: 2025-08-27T15:39:50Z +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.8 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.8:*:*:*:*:*:*:* ##### PackageName: cvss @@ -902,6 +902,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false +PackageChecksum: SHA256: 7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageLicenseComments: markupsafe declares Copyright 2010 Pallets @@ -935,7 +936,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Safely add untrusted strings to HTML/XML markup. -ReleaseDate: 2025-03-05T20:05:00Z +ReleaseDate: 2024-10-18T15:20:51Z ExternalRef: OTHER other https://palletsprojects.com/donate ExternalRef: OTHER documentation https://markupsafe.palletsprojects.com/ ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/ @@ -1017,44 +1018,44 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.36.2:*:*:* PackageName: rpds-py SPDXID: SPDXRef-48-rpds-py -PackageVersion: 0.27.0 +PackageVersion: 0.27.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.27.0/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.27.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA256: 130c1ffa5039a333f5926b09e346ab335f0d4ec393b030a18549a7c7e7c2cea4 +PackageChecksum: SHA256: 68afeec26d42ab3b47e541b272166a0b4400313946871cba3ed3a4fc0cab1cef PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ReleaseDate: 2025-08-07T08:23:06Z +ReleaseDate: 2025-08-27T12:12:25Z ExternalRef: OTHER documentation https://rpds.readthedocs.io/ ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/ ExternalRef: OTHER other https://github.com/sponsors/Julian ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link ExternalRef: OTHER vcs https://github.com/crate-py/rpds ExternalRef: OTHER other https://github.com/orium/rpds -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.27.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.27.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.27.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.27.1:*:*:*:*:*:*:* ##### PackageName: lib4sbom SPDXID: SPDXRef-49-lib4sbom -PackageVersion: 0.8.7 +PackageVersion: 0.8.8 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.7/#files +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.8/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/lib4sbom -PackageChecksum: SHA256: a8bfaff60ede5dad035cc01b82b8d1abd59be5c78af5158ba5ea4cc75b971b94 +PackageChecksum: SHA256: c8622549fddd568ac473e085be8d08d8eeb3338bd813612f50da189645cdaccf PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ReleaseDate: 2025-07-10T16:55:09Z -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.8.7 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.7:*:*:*:*:*:*:* +ReleaseDate: 2025-08-29T17:06:49Z +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.8.8 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.8:*:*:*:*:*:*:* ##### PackageName: pyyaml @@ -1099,8 +1100,27 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/semantic-version@2.10.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:* ##### +PackageName: fastjsonschema +SPDXID: SPDXRef-52-fastjsonschema +PackageVersion: 2.21.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Michal Horejsek (fastjsonschema@horejsek.com) +PackageDownloadLocation: https://pypi.org/project/fastjsonschema/2.21.2/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/horejsek/python-fastjsonschema +PackageChecksum: SHA256: 1c797122d0a86c5cace2e54bf4e819c36223b552017172f32c5c024a6b77e463 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: fastjsonschema declares BSD which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: Fastest Python implementation of JSON schema +ReleaseDate: 2025-08-14T18:49:34Z +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fastjsonschema@2.21.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:michal_horejsek:fastjsonschema:2.21.2:*:*:*:*:*:*:* +##### + PackageName: xmlschema -SPDXID: SPDXRef-52-xmlschema +SPDXID: SPDXRef-53-xmlschema PackageVersion: 4.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1118,7 +1138,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:4.1.0:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-53-elementpath +SPDXID: SPDXRef-54-elementpath PackageVersion: 5.0.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1136,7 +1156,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:5.0.4:*:*:* ##### PackageName: lib4vex -SPDXID: SPDXRef-54-lib4vex +SPDXID: SPDXRef-55-lib4vex PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) @@ -1154,7 +1174,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:* ##### PackageName: csaf-tool -SPDXID: SPDXRef-55-csaf-tool +SPDXID: SPDXRef-56-csaf-tool PackageVersion: 0.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) @@ -1172,7 +1192,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:* ##### PackageName: packageurl-python -SPDXID: SPDXRef-56-packageurl-python +SPDXID: SPDXRef-57-packageurl-python PackageVersion: 0.17.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors @@ -1190,7 +1210,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 ##### PackageName: rich -SPDXID: SPDXRef-57-rich +SPDXID: SPDXRef-58-rich PackageVersion: 14.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) @@ -1209,7 +1229,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:14.1.0:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-58-markdown-it-py +SPDXID: SPDXRef-59-markdown-it-py PackageVersion: 4.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) @@ -1229,7 +1249,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:4.0.0:*:*: ##### PackageName: mdurl -SPDXID: SPDXRef-59-mdurl +SPDXID: SPDXRef-60-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) @@ -1248,7 +1268,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: ##### PackageName: pygments -SPDXID: SPDXRef-60-pygments +SPDXID: SPDXRef-61-pygments PackageVersion: 2.19.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) @@ -1270,7 +1290,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.19.2:*:*:*:*:* ##### PackageName: packaging -SPDXID: SPDXRef-61-packaging +SPDXID: SPDXRef-62-packaging PackageVersion: 25.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) @@ -1290,7 +1310,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:25.0:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-62-plotly +SPDXID: SPDXRef-63-plotly PackageVersion: 6.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) @@ -1333,28 +1353,29 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:6.3.0:*:*:*:*:*:*:* ##### PackageName: narwhals -SPDXID: SPDXRef-63-narwhals -PackageVersion: 2.1.2 +SPDXID: SPDXRef-64-narwhals +PackageVersion: 2.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Marco Gorelli (hello_narwhals@proton.me) -PackageDownloadLocation: https://pypi.org/project/narwhals/2.1.2/#files +PackageDownloadLocation: https://pypi.org/project/narwhals/2.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/narwhals-dev/narwhals +PackageChecksum: SHA256: 2b5e3d61a486fa4328c286b0c8018b3e781a964947ff725d66ba12f6d5ca3d2a PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: MIT PackageLicenseComments: narwhals declares MIT License which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Extremely lightweight compatibility layer between dataframe libraries -ReleaseDate: 2025-08-12T20:22:09Z +ReleaseDate: 2025-08-25T07:51:56Z ExternalRef: OTHER documentation https://narwhals-dev.github.io/narwhals/ ExternalRef: OTHER vcs https://github.com/narwhals-dev/narwhals ExternalRef: OTHER issue-tracker https://github.com/narwhals-dev/narwhals/issues -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.1.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.1.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/narwhals@2.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:marco_gorelli:narwhals:2.2.0:*:*:*:*:*:*:* ##### PackageName: python-gnupg -SPDXID: SPDXRef-64-python-gnupg +SPDXID: SPDXRef-65-python-gnupg PackageVersion: 0.5.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) @@ -1376,7 +1397,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.5:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-65-requests +SPDXID: SPDXRef-66-requests PackageVersion: 2.32.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) @@ -1396,7 +1417,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.5:*:*:*:*: ##### PackageName: charset-normalizer -SPDXID: SPDXRef-66-charset-normalizer +SPDXID: SPDXRef-67-charset-normalizer PackageVersion: 3.4.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Ahmed R. (tahri.ahmed@proton.me) @@ -1417,7 +1438,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_r.:charset-normalizer:3.4.3:*:*: ##### PackageName: urllib3 -SPDXID: SPDXRef-67-urllib3 +SPDXID: SPDXRef-68-urllib3 PackageVersion: 2.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) @@ -1438,7 +1459,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.5.0:*:*:*:*:*: ##### PackageName: certifi -SPDXID: SPDXRef-68-certifi +SPDXID: SPDXRef-69-certifi PackageVersion: 2025.8.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) @@ -1457,7 +1478,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2025.8.3:*:*:*:* ##### PackageName: rpmfile -SPDXID: SPDXRef-69-rpmfile +SPDXID: SPDXRef-70-rpmfile PackageVersion: 2.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) @@ -1475,7 +1496,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* ##### PackageName: setuptools -SPDXID: SPDXRef-70-setuptools +SPDXID: SPDXRef-71-setuptools PackageVersion: 80.9.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) @@ -1495,7 +1516,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools: ##### PackageName: zipp -SPDXID: SPDXRef-71-zipp +SPDXID: SPDXRef-72-zipp PackageVersion: 3.23.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) @@ -1513,7 +1534,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.23.0:*:*:*:*:*:*:* ##### PackageName: zstandard -SPDXID: SPDXRef-72-zstandard +SPDXID: SPDXRef-73-zstandard PackageVersion: 0.24.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) @@ -1532,117 +1553,118 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.24.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.24.0:*:*:*:*:*:*:* ##### -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-12-beautifulsoup4 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-14-cvss -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-defusedxml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-distro -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-filetype -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-gsutil +Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-43-jinja2 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-45-jsonschema -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-49-lib4sbom -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-50-pyyaml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-52-xmlschema -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-lib4vex -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-56-packageurl-python -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-57-rich -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-61-packaging -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-plotly -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-python-gnupg -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-requests -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-urllib3 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-69-rpmfile -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-setuptools -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-zipp -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-72-zstandard +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal +Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-5-frozenlist +Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-6-typing-extensions +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-attrs +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-multidict +Relationship: SPDXRef-8-multidict DEPENDS_ON SPDXRef-6-typing-extensions +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-9-propcache +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-yarl Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-11-idna Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-8-multidict Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-9-propcache +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-12-beautifulsoup4 Relationship: SPDXRef-12-beautifulsoup4 DEPENDS_ON SPDXRef-13-soupsieve Relationship: SPDXRef-12-beautifulsoup4 DEPENDS_ON SPDXRef-6-typing-extensions +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-14-cvss +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-defusedxml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-distro +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-filetype +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-gsutil Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-19-argcomplete Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-20-crcmod Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-21-fasteners Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-22-gcs-oauth2-boto-plugin -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-26-google-reauth -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-28-six -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-29-httplib2 -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-33-pyopenssl -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-37-retry-decorator -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-38-google-auth -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-40-google-auth-httplib2 -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-41-google-apitools -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-42-monotonic -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-yarl -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-attrs -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-multidict -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-9-propcache Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-23-rsa +Relationship: SPDXRef-23-rsa DEPENDS_ON SPDXRef-24-pyasn1 Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-25-boto Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-26-google-reauth -Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-six -Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-httplib2 -Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-oauth2client -Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-33-pyopenssl -Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-37-retry-decorator -Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-38-google-auth -Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-google-auth-httplib2 -Relationship: SPDXRef-23-rsa DEPENDS_ON SPDXRef-24-pyasn1 Relationship: SPDXRef-26-google-reauth DEPENDS_ON SPDXRef-27-pyu2f Relationship: SPDXRef-27-pyu2f DEPENDS_ON SPDXRef-28-six +Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-httplib2 Relationship: SPDXRef-29-httplib2 DEPENDS_ON SPDXRef-30-pyparsing -Relationship: SPDXRef-31-oauth2client DEPENDS_ON SPDXRef-23-rsa -Relationship: SPDXRef-31-oauth2client DEPENDS_ON SPDXRef-24-pyasn1 -Relationship: SPDXRef-31-oauth2client DEPENDS_ON SPDXRef-28-six +Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-oauth2client Relationship: SPDXRef-31-oauth2client DEPENDS_ON SPDXRef-29-httplib2 +Relationship: SPDXRef-31-oauth2client DEPENDS_ON SPDXRef-24-pyasn1 Relationship: SPDXRef-31-oauth2client DEPENDS_ON SPDXRef-32-pyasn1-modules Relationship: SPDXRef-32-pyasn1-modules DEPENDS_ON SPDXRef-24-pyasn1 +Relationship: SPDXRef-31-oauth2client DEPENDS_ON SPDXRef-23-rsa +Relationship: SPDXRef-31-oauth2client DEPENDS_ON SPDXRef-28-six +Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-33-pyopenssl Relationship: SPDXRef-33-pyopenssl DEPENDS_ON SPDXRef-34-cryptography Relationship: SPDXRef-34-cryptography DEPENDS_ON SPDXRef-35-cffi Relationship: SPDXRef-35-cffi DEPENDS_ON SPDXRef-36-pycparser -Relationship: SPDXRef-38-google-auth DEPENDS_ON SPDXRef-23-rsa -Relationship: SPDXRef-38-google-auth DEPENDS_ON SPDXRef-32-pyasn1-modules +Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-37-retry-decorator +Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-six +Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-38-google-auth Relationship: SPDXRef-38-google-auth DEPENDS_ON SPDXRef-39-cachetools -Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-5-frozenlist -Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-6-typing-extensions -Relationship: SPDXRef-40-google-auth-httplib2 DEPENDS_ON SPDXRef-29-httplib2 +Relationship: SPDXRef-38-google-auth DEPENDS_ON SPDXRef-32-pyasn1-modules +Relationship: SPDXRef-38-google-auth DEPENDS_ON SPDXRef-23-rsa +Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-google-auth-httplib2 Relationship: SPDXRef-40-google-auth-httplib2 DEPENDS_ON SPDXRef-38-google-auth -Relationship: SPDXRef-41-google-apitools DEPENDS_ON SPDXRef-21-fasteners -Relationship: SPDXRef-41-google-apitools DEPENDS_ON SPDXRef-28-six +Relationship: SPDXRef-40-google-auth-httplib2 DEPENDS_ON SPDXRef-29-httplib2 +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-41-google-apitools Relationship: SPDXRef-41-google-apitools DEPENDS_ON SPDXRef-29-httplib2 +Relationship: SPDXRef-41-google-apitools DEPENDS_ON SPDXRef-21-fasteners Relationship: SPDXRef-41-google-apitools DEPENDS_ON SPDXRef-31-oauth2client +Relationship: SPDXRef-41-google-apitools DEPENDS_ON SPDXRef-28-six +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-29-httplib2 +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-26-google-reauth +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-42-monotonic +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-33-pyopenssl +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-37-retry-decorator +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-28-six +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-38-google-auth +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-40-google-auth-httplib2 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-43-jinja2 Relationship: SPDXRef-43-jinja2 DEPENDS_ON SPDXRef-44-markupsafe -Relationship: SPDXRef-45-jsonschema DEPENDS_ON SPDXRef-46-jsonschema-specifications -Relationship: SPDXRef-45-jsonschema DEPENDS_ON SPDXRef-47-referencing -Relationship: SPDXRef-45-jsonschema DEPENDS_ON SPDXRef-48-rpds-py +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-45-jsonschema Relationship: SPDXRef-45-jsonschema DEPENDS_ON SPDXRef-7-attrs +Relationship: SPDXRef-45-jsonschema DEPENDS_ON SPDXRef-46-jsonschema-specifications Relationship: SPDXRef-46-jsonschema-specifications DEPENDS_ON SPDXRef-47-referencing +Relationship: SPDXRef-47-referencing DEPENDS_ON SPDXRef-7-attrs Relationship: SPDXRef-47-referencing DEPENDS_ON SPDXRef-48-rpds-py Relationship: SPDXRef-47-referencing DEPENDS_ON SPDXRef-6-typing-extensions -Relationship: SPDXRef-47-referencing DEPENDS_ON SPDXRef-7-attrs -Relationship: SPDXRef-49-lib4sbom DEPENDS_ON SPDXRef-15-defusedxml -Relationship: SPDXRef-49-lib4sbom DEPENDS_ON SPDXRef-45-jsonschema +Relationship: SPDXRef-45-jsonschema DEPENDS_ON SPDXRef-47-referencing +Relationship: SPDXRef-45-jsonschema DEPENDS_ON SPDXRef-48-rpds-py +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-49-lib4sbom Relationship: SPDXRef-49-lib4sbom DEPENDS_ON SPDXRef-50-pyyaml Relationship: SPDXRef-49-lib4sbom DEPENDS_ON SPDXRef-51-semantic-version -Relationship: SPDXRef-49-lib4sbom DEPENDS_ON SPDXRef-52-xmlschema -Relationship: SPDXRef-52-xmlschema DEPENDS_ON SPDXRef-53-elementpath -Relationship: SPDXRef-54-lib4vex DEPENDS_ON SPDXRef-49-lib4sbom -Relationship: SPDXRef-54-lib4vex DEPENDS_ON SPDXRef-55-csaf-tool -Relationship: SPDXRef-54-lib4vex DEPENDS_ON SPDXRef-56-packageurl-python -Relationship: SPDXRef-55-csaf-tool DEPENDS_ON SPDXRef-56-packageurl-python -Relationship: SPDXRef-55-csaf-tool DEPENDS_ON SPDXRef-57-rich -Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-58-markdown-it-py -Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-60-pygments -Relationship: SPDXRef-58-markdown-it-py DEPENDS_ON SPDXRef-59-mdurl -Relationship: SPDXRef-62-plotly DEPENDS_ON SPDXRef-61-packaging -Relationship: SPDXRef-62-plotly DEPENDS_ON SPDXRef-63-narwhals -Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-11-idna -Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-66-charset-normalizer -Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-67-urllib3 -Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-68-certifi -Relationship: SPDXRef-8-multidict DEPENDS_ON SPDXRef-6-typing-extensions -Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool +Relationship: SPDXRef-49-lib4sbom DEPENDS_ON SPDXRef-15-defusedxml +Relationship: SPDXRef-49-lib4sbom DEPENDS_ON SPDXRef-52-fastjsonschema +Relationship: SPDXRef-49-lib4sbom DEPENDS_ON SPDXRef-45-jsonschema +Relationship: SPDXRef-49-lib4sbom DEPENDS_ON SPDXRef-53-xmlschema +Relationship: SPDXRef-53-xmlschema DEPENDS_ON SPDXRef-54-elementpath +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-55-lib4vex +Relationship: SPDXRef-55-lib4vex DEPENDS_ON SPDXRef-49-lib4sbom +Relationship: SPDXRef-55-lib4vex DEPENDS_ON SPDXRef-56-csaf-tool +Relationship: SPDXRef-56-csaf-tool DEPENDS_ON SPDXRef-57-packageurl-python +Relationship: SPDXRef-56-csaf-tool DEPENDS_ON SPDXRef-58-rich +Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-59-markdown-it-py +Relationship: SPDXRef-59-markdown-it-py DEPENDS_ON SPDXRef-60-mdurl +Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-61-pygments +Relationship: SPDXRef-55-lib4vex DEPENDS_ON SPDXRef-57-packageurl-python +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-57-packageurl-python +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-packaging +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-plotly +Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-64-narwhals +Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-62-packaging +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-python-gnupg +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-50-pyyaml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-66-requests +Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-67-charset-normalizer +Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-11-idna +Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-68-urllib3 +Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-69-certifi +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-58-rich +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-rpmfile +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-setuptools +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-urllib3 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-53-xmlschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-72-zipp +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-zstandard